Firefox overrules Avast! proxy at port 443

Discussion in 'other firewalls' started by poirot, Sep 1, 2006.

Thread Status:
Not open for further replies.
  1. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    My Jetico v.1.0 is working absolutely fine, but I have noticed in Ask User that it sometimes asks permission for an outbound connection to port 443 (when there's the 'padlock', when registering somewhere, or every time I make Mozilla updates/extensions), not for Avast! ashWebSV.exe, which all outbound-inbound connections go through at 12080, but directly for Firefox.
    I wonder if this is normal or if I forgot something about 443 at setup.
    I always use FF to navigate so I cannot explain these 'exceptions'.

    My relevant settings in Jetico are:

    APPLICATION TABLE-
    WebBrowser dis any access to network ashWebSV.exe
    WebBrowser dis any access to network firefox.exe
    WebBrowser dis any access to network IExplorer.exe

    WEB BROWSER-
    accept dis 0 accesstonetwork
    accept dis any accesstonetwork ashWebSV.exe
    accept dis TCP/IP inb. ashWebSV. any 17.0.0.1 12080 1024-4999
    accept dis TCP/IP outb ashWebSV. any any 1024-4999 80
    accept dis TCP/IP outb ashWebSV. any any 1024-4999 443
    reject dis any any ashWebSV.
    accept dis any accesstonetwork firefox.exe
    accept dis TCP/IP outb firefox.exe any 127.0.0.1 1024-4999 12080
    reject dis any any firefox.exe
    accept dis any accesstonetwork IExplorer.exe
    accept dis TCP/IP outb IExplorer.exe any 127.0.0.1 1024-4999 12080
    reject dis any any IExplorer.exe
    reject Default action


    Fwsetup.exe is on reject.
    My Firefox is set to a Manual Proxy configuration, HTTP proxy localhost, port 12080. No Proxy for localhost, 127.0.0.1

    Similarly for IE.

    (I must say I tried with the option 'Direct connection to the Internet' and absolutely nothing changes... FF and IE behave the same way with or without these 'proxy' settings; Avast! proxy likewise is unperturbed by such a change and works the same.) (I'd say... well)
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi poirot,

    I posted rules for you here for Avast/firefox->Jetico.

    Have you correctly placed a jump to "browser rules" for firefox (I would suggest that you split the rules up,.. as I originally posted)


    EDIT: I think I can see the problem, your application table (ask user) rules. These should be a jump to browser rules for any event (not just access to network)


     
    Last edited: Sep 1, 2006
  3. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    Stem, thanks a lot. I just changed the Application Table from 'Access to network' to 'any', as it should have been.
    Quite frankly, in spite of the existence of a few manuals and Jetico Help files, I would never have succeeded in setting this firewall up to a good standard without you. 'Nail' should hire you as at least an Advisor for their firewall!
    Regarding the Avast! proxy/browser settings issue I mentioned, that is, the fact that the result is the same either with proxy settings in place in Firefox or not: perhaps these browser settings (localhost:12080) were surely needed with Windows 98 but not anymore with XP, or at least with Firefox.
    (Just a hypothesis)
    The fact is I have one PC with browsers set with localhost & 12080 and another (both with the same programs) with 'direct connection to internet'... and they work exactly the same way... Avast! proxy works fine with both.
    Perhaps it is because Jetico settings force the browsers to connect to port 12080 and in such a way the browsers have no option, albeit devoid of proxy rules?
    I'll make a few more experiments about this and let you know.
     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi poirot,
    I will re-install to have a play.

    Edit:
    I think this is a good example of the problems with using a local proxy, and how it would be easy for another application to gain access through localhost.

    Anyway:
    For the browser rules, make the remote port any (for the 127.0.0.1 outbound connection).

    Don't forget to add port 443 to Avast "webshield redirected HTTP"
     
    Last edited: Sep 1, 2006
  5. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    I may add that this issue is the hardest to control and fully understand among all firewall issues... at least for me, as I had to fight with the Sygate loophole at first and now with a proper Jetico setup.
    On the other hand, I would hate to give up Avast! proxy as I am more than enthusiastic about its effectiveness.
    I use the PC for four or five hrs a day and visit many sites, but since I went from my previous AVG to Avast! I can assure you I didn't have to delete more than two or three low danger level tracking cookies in 10 months. Of course great merit to Firefox and its extensions, like NoScript, but Avast! turned BOClean antitrojan into a jobless comprimary.
    I could put the WebShield at rest and get on with just the Standard protection and all these problems would vanish, but I am confident I will find the right answers here....

    I will apply the other two suggestions as soon as I disable ShadowUser later on, thanks again Stem.
     
  6. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    More eloquent than words: yesterday's connection to FF updates with my previous settings:
     

  7. poirot

    poirot Registered Member

    Joined:
    May 4, 2005
    Posts:
    299
    And this is after your suggestions, Stem; all is OK:
     

  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi poirot,
    There is no need to give up Avast proxy,.. you just need to keep a tight config,... and keep the loopback out of the trusted zone.
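
An added example, not part of the thread and not Jetico or Avast! code: a defender-side check for the two conditions discussed above, namely a process other than the browsers connecting to the WebShield listener on 127.0.0.1:12080, and a process other than ashWebSV.exe reaching ports 80/443 directly. The `netstat -ano` style sample, the PID-to-image map and the name `updater.exe` are constructed assumptions.

```python
# Added example: all sample data below is constructed, not captured from the thread.
PROXY = ("127.0.0.1", 12080)                 # Avast! WebShield listener, per the thread
PROXY_IMAGE = "ashwebsv.exe"
BROWSERS = {"firefox.exe", "iexplorer.exe"}  # image names as written in poirot's rules
WEB_PORTS = {80, 443}

SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:1045         127.0.0.1:12080        ESTABLISHED     1120
  TCP    127.0.0.1:12080        127.0.0.1:1045         ESTABLISHED     640
  TCP    192.168.1.10:1046      203.0.113.7:80         ESTABLISHED     640
  TCP    192.168.1.10:1050      203.0.113.9:443        ESTABLISHED     1120
  TCP    127.0.0.1:1061         127.0.0.1:12080        ESTABLISHED     2244
  TCP    0.0.0.0:12080          0.0.0.0:0              LISTENING       640
"""
# Hypothetical PID-to-image map (on a live host this would come from the task list).
SAMPLE_PIDS = {640: "ashWebSV.exe", 1120: "firefox.exe", 2244: "updater.exe"}

def split_endpoint(text):
    """Split 'host:port' into (host, int(port))."""
    host, _, port = text.rpartition(":")
    return host, int(port)

def parse_netstat(text):
    """Yield (local, remote, pid) for established TCP rows; skip headers and listeners."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            yield split_endpoint(f[1]), split_endpoint(f[2]), int(f[4])

def audit(netstat_text, pid_names):
    """Return findings for loopback proxy use and for web traffic that skips the proxy."""
    findings = []
    for _local, remote, pid in parse_netstat(netstat_text):
        image = pid_names.get(pid, "unknown").lower()
        if remote == PROXY and image not in BROWSERS:
            # Something other than a browser is riding the local proxy.
            findings.append(("unexpected-proxy-client", image, remote))
        elif (remote[1] in WEB_PORTS and not remote[0].startswith("127.")
              and image != PROXY_IMAGE):
            # Web traffic leaving the host without passing through ashWebSV.exe.
            findings.append(("direct-web-bypass", image, remote))
    return findings

if __name__ == "__main__":
    for kind, image, (host, port) in audit(SAMPLE_NETSTAT, SAMPLE_PIDS):
        print(f"{kind}: {image} -> {host}:{port}")
```

A `direct-web-bypass` finding for firefox.exe on port 443 corresponds to the prompt poirot describes in the first post; whether it is expected depends on whether 443 is in the WebShield redirected ports.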
     